Evaluating Risks In Your Organisation
This is the fifth step in a seven-stage process of successfully tackling risk management in your organisation. The first step in the process is communication and consultation and this needs to occur regularly if you are to continue to keep risk management at the front of everyone’s mind.
In this regard you need to continually communicate throughout the process with your organisation and others who may be impacted.
By now you should have undertaken a detailed identification of risks that your organisation faces and you then would have analysed these risks (or hazards). Now we look at how we evaluate these.
By working together your organisation can review the results of your analysis and objectively assess each of the risks in turn. Again, this is probably a job for your risk management committee but it is important to keep everyone involved in the process.
The evaluation of risk will enable priorities to be established that equate to an appropriate level of risk. This will allow you to decide what is an appropriate action for treating each risk. A major decision you will have to make before looking at how to treat risks is whether a risk is acceptable or unacceptable. This decision will depend on the activities of your organisation and should be made according to set criteria that you are confident to stand by.
These criteria should be documented so that they can be reviewed and monitored over time and to ensure that there is a record for future committees to follow and understand.
Criteria for acceptable and unacceptable risks can be listed under frequency and severity/consequences.
For example, in terms of severity, your organisation may deem the following consequences unacceptable:
- Injuries resulting in hospitalization
- Financial losses of more than $500 for one incident
- Any bad publicity
- Any legal action against the organisation
- A broken window from a fallen tree limb
In terms of frequency, these may be unacceptable:
- Frequent minor injuries
- Events that frequently interrupt your organisation’s activities
- Frequent small financial losses
Although these criteria will reduce some of the indecision, ultimately the decision on whether a risk is acceptable or unacceptable rests with those responsible for the evaluation. It is subjective and that is why we suggest that you may want to take this step with more than one person looking at it.
The answers will depend on knowledge and experience and you should also ensure the integrity and credibility of your decisions.
When weighing up whether a risk is acceptable or not, consider how you defined your organisation, the aims and activities when you established a context for risk management. For example, most people would consider frequent minor injuries in a metal fabrication shop as acceptable and unavoidable.
But if this is occurring through poor work practices or training then this should be attended to.
Many companies will be based around activities that involve some inherent level of risk, for example, heavy manufacturing, mining and construction. Only you can decide what is an acceptable level of risk for your organisation, but remember that a judge may have an entirely different perspective so bear this in mind.
Do not discount something because it has never happened.
If you decide a risk is unacceptable, you will have to decide how to treat it. If the risk is minor or the cost of avoiding it is beyond your capacity to pay you may need to consider accepting the risk if it is core to your organisation’s existence.
Remember, however, a decision to accept a risk must be an informed and reasoned one because if something does go wrong and somebody gets hurt, you may well be asked why the risk was deemed acceptable. If you choose to accept a risk, do not forget about it. Be mindful of the consequences and do not ignore them in the hope it will never happen.
Monitor the risk and reassess it regularly; you may decide in the future that a risk you once thought was acceptable can no longer be accepted.
Remember that this is an ongoing process and decisions that you make should be documented. Keep a record not just of what decisions were made, but why they were made. These reasons should be included in minutes for your meetings. This will ensure that future management or committees can understand what happened and what you were thinking at the time the decision was taken. They can also be used in defence of a claim taken out against your organisation.
Examples of records used to defend claims are:
- Meeting minutes – any decision made at a meeting should be minuted to provide a record of what was decided and why. Significant decisions should be supported in some way by a record of the process used to arrive at the decision made. This may include decisions made at meetings through a consultative process. These should also be minuted.
- File notes – conversations in person or on the phone where an action is agreed, advice is sought and/or provided, or information is provided, should be recorded. This can be done in a hard copy or electronic register. It provides traceability should a complaint be made or an incident occur
- Incident records – notes taken or forms completed when a person reports an incident or injury. Organisations need to be consistent in the type of information they gather when recording an incident, and in investigating the surrounding circumstances. It is essential to have a specific form for this kind of record.
- Training records – attendance by staff at any training should be recorded. These records may be requested by a court at some stage to make an assessment of the competency of the people concerned.
Keeping records such as these helps prove that decisions you have made have been reached systematically and that the rationale for a decision is sound.
While all care has been taken in the preparation of this material, no responsibility is accepted by the author(s), Cornstalk Software P/L or its staff, for any errors, omissions or inaccuracies. The material provided in this document has been prepared to provide general information only. It is not intended to be relied upon or be a substitute for legal or other professional advice.
No responsibility can be accepted by the author(s) or Cornstalk Software P/L for any known or unknown consequences that may result from reliance on any information provided in this publication
- Analysing Risks In Your Organisation
- Communicating Risk Management To Your Organisation
- Establishing A Context For Risk Management
- Identifying Risks In Your Organisation
- Monitoring and Reviewing Risks In Your Organisation
- How to use bottlenecks in your business to help you write effective standard operating procedures (SOP)
- SOP Software to help you manage your standard operating procedures (SOP)
* Please read our disclaimer before downloading any of our documents